import jwt from 'jsonwebtoken'
import Unauthorized from '../errors/unauthorized'
import { JWT_SECRET_DEV } from '../utils/constants'

const { NODE_ENV, JWT_SECRET } = process.env
const auth = (req, res, next) => {
  const { authorization } = req.headers

  if (!authorization || !authorization.startsWith('Bearer')) {
    throw new Unauthorized('Необходима авторизация')
  }
  const token = authorization.replace('Bearer ', '')

  let payload

  try {
    payload = jwt.verify(token, NODE_ENV === 'production' ? JWT_SECRET : JWT_SECRET_DEV)
  } catch (err) {
    throw new Unauthorized('Необходима авторизация')
  }

  req.user = payload
  next()
}

export default auth
